The RADIUS Filter-ID attribute consists of a string that is formatted in the RADIUS Access-Accept packet sent back from the authentication server to the switch during the authentication process.
Each user can be configured in the RADIUS server database with a RADIUS Filter-ID attribute that specifies the name of either a policy profile or management level the user should be assigned upon successful authentication. During the authentication process, when the authentication server returns a RADIUS Access-Accept packet that includes a Filter-ID matching a policy profile name configured on the switch, the switch then dynamically applies the policy profile to the physical port the supplicant is authenticating on.
The decorated Filter-ID supports a policy attribute, a management access attribute, or both in the following formats:
Enterasys:version=1:policy=policyname Enterasys:version=1:mgmt=access-mgmtType Enterasys:version=1:mgmt=access-mgmtType:policy=policyname
policyname is the name of the policy to apply to this authentication.
access-mgmtTypes supported are: ro (read-only), rw (read-write), and su (super-user).
The undecorated Filter-ID supports the policy attribute only in the following format: policyname
The undecorated format is simply a string that specifies a policy profile name. The undecorated format cannot be used for management access authentication. Decorated Filter-IDs are processed first. If no decorated Filter-IDs are found, then undecorated Filter-IDs are processed. If multiple Filter-IDs are found that contain conflicting values, a Syslog message is generated.